Re: [tsvwg] DTLS 1.3 over SCTP
Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 18 July 2023 14:58 UTC
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: Michael Tuexen <michael.tuexen@lurchi.franken.de>
CC: tsvwg IETF list <tsvwg@ietf.org>
Date: Tue, 18 Jul 2023 14:58:16 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsvwg/dohigi1y25kkwKukb_pmc44MN3U>
Hi,

> MW: Sorry, I think you need to expand on your reasoning here. We are working on an integration of a security solution with a transport protocol. This requires combining the security mechanism with the transport protocol such that both the desired security properties and the transport protocol functionality are fulfilled. In this case 3GPP's applications using SCTP are such that we have security requirements that exist in other works like IPsec but haven't been in the forefront in other work such as QUIC, HTTP and DTLS.
>
> My point was that the usage policies are not limited to SCTP, but to a use of (D)TLS on long living connections. This is not related to a specific transport protocol.

MW: Yes, I think it would be good to look into addressing this within TLS, but I don't see that being resolved in a time frame that makes it possible to deliver anything to 3GPP within the current release, maybe not even the next. So I don't see this being the solution in the near term. It might be a solution for the future if needed.

> Repeating a question: Why can't we use SCTP over DTLS? It supports arbitrarily large messages; you can control the DTLS properties. The only thing missing (from what I see) is the support of multihoming and dynamic reconfiguration. That isn't that hard. Then you can use multiple DTLS connections to get multihoming and change them over time to get the properties of renegotiation back. It would even run over UDP allowing legacy NAT traversal.

So there are multiple reasons for this that I so far thought about:

1. Multihoming support, which may require a coordination layer for handling the multiple DTLS connections. Multihoming is in use by some that deploy SCTP for the relevant 3GPP solutions. There appear to be some complex protocol interactions here when it comes to path handling. Basically each path would need its own DTLS connection, and you need machinery to establish it and to handle how it interacts with the SCTP stack. For example, these DTLS connections need to exist per tuple pair, not only per SCTP's notion of a path to a destination.

2. It will require a completely different change to 3GPP, which might be possible, but it comes down to agreeing on IP/UDP/DTLS/SCTP and the configuration of that rather than on how SCTP is configured. These applications are interoperability points, which requires not only a solution for configuring, but also figuring out which of the multiple solutions one would run. This compared to DTLS for SCTP, which would be negotiated in-band and possibly compared against policy configuration.

3. There would still be a need for a solution for replacing the DTLS connections that encapsulate the SCTP packets. The re-authentication and rekeying problem would not be solved.

It is an interesting question, but one which appears to have its set of challenges. I will continue to pursue a DTLS for SCTP solution based on either of the two proposals we have put on the table that do fulfil the 3GPP requirements.

Cheers

Magnus
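As an added illustration of points 1 and 3 above (not code from the thread or from any SCTP or DTLS stack), the following Python model shows the bookkeeping a coordination layer for SCTP-over-DTLS would need: one DTLS connection per (local, remote) address tuple rather than per SCTP destination path, reconciled on every address change, with connection replacement modelled as a generation counter. The class and method names, and the addresses used in the test, are constructed for this example.

```python
# Illustrative model of a coordination layer for SCTP-over-DTLS multihoming.
# Constructed example; it does not open real DTLS connections.
from itertools import product


class DtlsCoordinator:
    """Keeps one DTLS connection per (local, remote) address tuple of an
    SCTP association. `sessions` maps each tuple to a generation counter;
    replacing a connection (re-authentication / rekeying) bumps it."""

    def __init__(self, local_addrs, remote_addrs):
        self.local = set(local_addrs)
        self.remote = set(remote_addrs)
        self.sessions = {}          # (local, remote) -> generation
        self.reconcile()

    def required(self):
        """Every address pair needs its own DTLS connection, so the
        count is |local| * |remote|, not |remote| as with SCTP paths."""
        return set(product(self.local, self.remote))

    def reconcile(self):
        """Open missing connections, close stale ones; return both sets."""
        want = self.required()
        to_open = want - set(self.sessions)
        to_close = set(self.sessions) - want
        for pair in to_close:
            del self.sessions[pair]
        for pair in to_open:
            self.sessions[pair] = 1
        return to_open, to_close

    def add_address(self, side, addr):
        """Dynamic reconfiguration: a new local or remote address appears."""
        (self.local if side == "local" else self.remote).add(addr)
        return self.reconcile()

    def remove_address(self, side, addr):
        """Dynamic reconfiguration: an address is withdrawn."""
        (self.local if side == "local" else self.remote).discard(addr)
        return self.reconcile()

    def replace_connection(self, pair):
        """Stand up a fresh DTLS connection for one tuple, retire the old."""
        self.sessions[pair] += 1
        return self.sessions[pair]


def sctp_path_count(remote_addrs):
    """SCTP's own path notion counts destination addresses only."""
    return len(set(remote_addrs))
```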